Conficker: Difference between revisions

Content deleted Content added

Inline

Revision as of 01:23, 19 January 2009

Conficker (also known by the names Downup, Downandup and Kido and Mad Dicks in the Air Nigga) is a computer worm that surfaced in October 2008.^[1] It targets Windows and is mostly found on Windows XP machines. Microsoft released a patch to stop the worm October 15, 2008.^[2] Heinz Heise estimated conservatively that it had infected 2.5 million PCs by January 15, 2009,^[3] while The Guardian mentioned an estimated 3.5 million infected PCs.^[4] By January 16, 2009 it infected almost 9 million PCs,^[5] making it one of the most widespread infections in recent times.^[6]

Operation

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. It then connects to a server (believed to be in Ukraine^[6]), where it receives further orders to propagate, gather personal information, and downloads and installs additional malware onto the victim computer.^[7] The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.^[8]

Microsoft

Microsoft Corporation says the worm exploits a known bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.^[9]

References

^ "Three million hit by Windows worm". BBC News Online. BBC. 2009-01-16. Retrieved 2009-01-16.
^ "Microsoft Security Bulletin MS08-067". 2008-10-23. Retrieved 2009-01-19.
^ "Report: 2.5 million PCs infected with Conficker worm". heise online. 2009-01-15. Retrieved 2009-01-16.
^ Schofield, Jack (2009-01-15). "Downadup worm threatens Windows". guardian.co.uk. Guardian News and Media. Retrieved 2009-01-16.
^ Sean (2009-01-16). "Preemptive Blocklist and More Downadup Numbers". F-Secure. Retrieved 2009-01-16.
^ ^a ^b "Downadup virus exposes millions of PCs to hijack". CNN. January 16, 2009. Retrieved 2009-01-18. {{cite news}}: |first= missing |last= (help)
^ "Conficker Worm Attack Getting Worse: Here's How to Protect Yourself". PC World. Jan 17, 2009. Retrieved 2009-01-18. {{cite web}}: |first= missing |last= (help)
^ "F-Secure Malware Information Pages". F-secure. Retrieved 2009-01-18.
^ "Worst virus in years infects 6.5 mn computers". CNN-IBN. 1/18/2009. Retrieved 2009-01-18. {{cite news}}: Check date values in: |date= (help)

[1] "Three million hit by Windows worm". BBC News Online. BBC. 2009-01-16. Retrieved 2009-01-16.

[2] "Microsoft Security Bulletin MS08-067". 2008-10-23. Retrieved 2009-01-19.

[3] "Report: 2.5 million PCs infected with Conficker worm". heise online. 2009-01-15. Retrieved 2009-01-16.

[4] Schofield, Jack (2009-01-15). "Downadup worm threatens Windows". guardian.co.uk. Guardian News and Media. Retrieved 2009-01-16.

[5] Sean (2009-01-16). "Preemptive Blocklist and More Downadup Numbers". F-Secure. Retrieved 2009-01-16.

[Downadup_virus_exposes_millions_of_PCs_to_hijack-6] "Downadup virus exposes millions of PCs to hijack". CNN. January 16, 2009. Retrieved 2009-01-18. {{cite news}}: |first= missing |last= (help)

[Conficker_Worm_Attack_Getting_Worse:_Here's_How_to_Protect_Yourself-7] "Conficker Worm Attack Getting Worse: Here's How to Protect Yourself". PC World. Jan 17, 2009. Retrieved 2009-01-18. {{cite web}}: |first= missing |last= (help)

[F-Secure_Malware_Information_Pages-8] "F-Secure Malware Information Pages". F-secure. Retrieved 2009-01-18.

[Worst_virus_in_years_infects_6.5_mn_computers-9] "Worst virus in years infects 6.5 mn computers". CNN-IBN. 1/18/2009. Retrieved 2009-01-18. {{cite news}}: Check date values in: |date= (help)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

Revision as of 00:59, 19 January 2009 view source Ancheta Wis (talk \| contribs) Extended confirmed users 39,216 edits m spelling ← Previous edit		Revision as of 01:23, 19 January 2009 view source 76.119.16.117 (talk) No edit summary Next edit →
Line 1:		Line 1:
	'''Conficker''' (also known by the names '''Downup''', '''Downandup''' and '''Kido''') is a [[computer worm]] that surfaced in October 2008.<ref>{{cite web \|url=http://news.bbc.co.uk/1/hi/technology/7832652.stm \|title=Three million hit by Windows worm \|date=2009-01-16 \|accessdate=2009-01-16 \| work = [[BBC News Online]] \|publisher=[[BBC]]}}</ref> It targets Windows and is mostly found on [[Windows XP]] machines. Microsoft released a [[Patch (computing)\|patch]] to stop the worm October 15, 2008.<ref>{{cite web\|url=http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx\|title=Microsoft Security Bulletin MS08-067\|date=2008-10-23\|accessdate=2009-01-19}}</ref> [[Heinz Heise]] estimated conservatively that it had infected 2.5 million PCs by January 15, 2009,<ref>{{cite web \|url=http://www.heise.de/english/newsticker/news/121781 \|title=Report: 2.5 million PCs infected with Conficker worm \|date=2009-01-15 \|accessdate=2009-01-16 \|publisher=[[Heinz Heise\|heise online]]}}</ref> while ''[[The Guardian]]'' mentioned an estimated 3.5 million infected PCs.<ref>{{cite web \|first=Jack \|last=Schofield \|title=Downadup worm threatens Windows \|url=http://www.guardian.co.uk/technology/blog/2009/jan/15/downadup-conficker-worm \|work=[[guardian.co.uk]] \|publisher=[[Guardian Media Group\|Guardian News and Media]] \|date=2009-01-15 \|accessdate=2009-01-16}}</ref> By January 16, 2009 it infected almost 9 million PCs,<ref>{{cite web \|title=Preemptive Blocklist and More Downadup Numbers \|author=Sean \|url=http://www.f-secure.com/weblog/archives/00001582.html \|date=2009-01-16 \|accessdate=2009-01-16 \| publisher=[[F-Secure]]}}</ref> making it one of the most widespread infections in recent times.<ref name="Downadup virus exposes millions of PCs to hijack" />		'''Conficker''' (also known by the names '''Downup''', '''Downandup''' and '''Kido''' and '''Mad Dicks in the Air Nigga''') is a [[computer worm]] that surfaced in October 2008.<ref>{{cite web \|url=http://news.bbc.co.uk/1/hi/technology/7832652.stm \|title=Three million hit by Windows worm \|date=2009-01-16 \|accessdate=2009-01-16 \| work = [[BBC News Online]] \|publisher=[[BBC]]}}</ref> It targets Windows and is mostly found on [[Windows XP]] machines. Microsoft released a [[Patch (computing)\|patch]] to stop the worm October 15, 2008.<ref>{{cite web\|url=http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx\|title=Microsoft Security Bulletin MS08-067\|date=2008-10-23\|accessdate=2009-01-19}}</ref> [[Heinz Heise]] estimated conservatively that it had infected 2.5 million PCs by January 15, 2009,<ref>{{cite web \|url=http://www.heise.de/english/newsticker/news/121781 \|title=Report: 2.5 million PCs infected with Conficker worm \|date=2009-01-15 \|accessdate=2009-01-16 \|publisher=[[Heinz Heise\|heise online]]}}</ref> while ''[[The Guardian]]'' mentioned an estimated 3.5 million infected PCs.<ref>{{cite web \|first=Jack \|last=Schofield \|title=Downadup worm threatens Windows \|url=http://www.guardian.co.uk/technology/blog/2009/jan/15/downadup-conficker-worm \|work=[[guardian.co.uk]] \|publisher=[[Guardian Media Group\|Guardian News and Media]] \|date=2009-01-15 \|accessdate=2009-01-16}}</ref> By January 16, 2009 it infected almost 9 million PCs,<ref>{{cite web \|title=Preemptive Blocklist and More Downadup Numbers \|author=Sean \|url=http://www.f-secure.com/weblog/archives/00001582.html \|date=2009-01-16 \|accessdate=2009-01-16 \| publisher=[[F-Secure]]}}</ref> making it one of the most widespread infections in recent times.<ref name="Downadup virus exposes millions of PCs to hijack" />

	==Operation==		==Operation==

Revision as of 01:23, 19 January 2009

Operation

Microsoft

See also

References